
garciapermanaa-cyber/absen-magang

https://github.com/garciapermanaa-cyber/absen-magang.git · lang: typescript · LOC: · source: user_submitted

Quality: 46.3 · Grade D+
Security: 90.9
Findings: 20 (0 critical · 5 high)
Status: completed · May 27, 2026 13:53
info: 8 · high: 5 · medium: 4 · low: 3
Top rules by occurrence
Rule · Severity · Count
MINED052 Ts Any Typed · info · 4
MINED044 Js Console Log Prod · info · 4
JRN002 Browser storage is used for session token material · medium · 2
JRN009 Secret-like setting is echoed into a password input value · high · 2
AIC003 Duplicated implementation block across source files · low · 2
MINED113 Express POST/PUT/DELETE/PATCH route without auth · high · 2
CORE_NO_LICENSE No LICENSE file · low · 1
CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of co… · medium · 1
CORE_NO_CI No CI/CD configuration found · medium · 1
CORE_NO_TESTS No test files found · high · 1
First 20 findings (severity-sorted)
high CORE_NO_TESTS No test files found
No test files found
high JRN009 Secret-like setting is echoed into a password input value
frontend/src/pages/Login.tsx:51 · conf 0.83
Secret-like setting is echoed into a password input value
high JRN009 Secret-like setting is echoed into a password input value
frontend/src/pages/Register.tsx:63 · conf 0.83
Secret-like setting is echoed into a password input value
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
backend/src/routes/authRoutes.ts:6 · conf 0.80
[MINED113] Express POST /register has no auth: Express route POST /register declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated ro…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
backend/src/routes/authRoutes.ts:7 · conf 0.80
[MINED113] Express POST /login has no auth: Express route POST /login declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes a…
medium CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
· conf 1.00
[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
medium CORE_NO_CI No CI/CD configuration found
No CI/CD configuration found
medium JRN002 Browser storage is used for session token material
frontend/src/context/AuthContext.tsx:15 · conf 0.82
Browser storage is used for session token material
medium JRN002 Browser storage is used for session token material
frontend/src/context/AuthContext.tsx:29 · conf 0.82
Browser storage is used for session token material
low AIC003 Duplicated implementation block across source files
frontend/src/pages/Dashboard.tsx:139 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
frontend/src/pages/Register.tsx:42 · conf 0.86
Duplicated implementation block across source files
low CORE_NO_LICENSE No LICENSE file
No LICENSE file
info MINED044 Js Console Log Prod CWE-532
· conf 0.20
[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed.
info MINED044 Js Console Log Prod CWE-532
backend/prisma/seed.ts:38 · conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED044 Js Console Log Prod CWE-532
backend/src/index.ts:28 · conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED044 Js Console Log Prod CWE-532
frontend/src/pages/AdminDashboard.tsx:28 · conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED052 Ts Any Typed CWE-704
· conf 0.20
[MINED052] Ts Any Typed (and 1 more): Same pattern found in 1 additional files. Review if needed.
info MINED052 Ts Any Typed CWE-704
frontend/src/context/AuthContext.tsx:4 · conf 1.00
[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.
info MINED052 Ts Any Typed CWE-704
frontend/src/pages/Dashboard.tsx:68 · conf 1.00
[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.
info MINED052 Ts Any Typed CWE-704
frontend/src/pages/Login.tsx:22 · conf 1.00
[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.
